An unknown attacker managed to obtain root privileges for some of the most important servers at kernel.org – the main distribution site for the Linux kernel and for a variety of Linux-related software. The web site's news section shows that the administrators detected the intrusion on 28 August.

Well, it did require that people regenerate their keys.. so it's a possibility, but kernel.org would also have had to been using an older version of openssh, as I believe newer versions have the keys blacklisted.